CLAIMS 



1. A method for use by a server coupled to one or more client devices in a 
distributed computing environment, the method comprising: 

hosting a set of resources; 

receiving a request for a user to perform an operation on a resource of the 
resources, the request being received via an apphcation hosted by the server; 
and 

determining whether to authorize the operation as a function of whether the 
user has been delegated authority to perform the operation with respect to the 
resource, the authority being independent of whether the user is a member of an 
administrators group associated with any resource of the server. 

2. A method as recited in claim 1, wherein determining whether to authorize 
the operation is performed by a secure delegation adnunistration framework. 

3. A method as recited in claim 1, wherein the operation is associated with 
modification of content and/or functionality of the resource. 

4. A method as recited in claim 1, wherein the resource is represented as an 
Internet Information Service (IIS) metabase node. 
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5. A method as recited in claim 1, wherein the request comprises a scope 
associated with the user, and a name of a method associated with the operation. 

6. A method as recited in claim 1, wherein the resource is a Web site hosted by 
an Internet Service Provider (ISP), and wherein the user is not authorized to 
perform administrative activities on any resources associated with the ISP except 
by sending the request to the ISP for permission evaluation by the secure 
delegation administration framework. 

7. A method as recited in claim 1, wherein the request further comprises an 
indication of whether the user desires to execute the operation via a dynamically 
buih command line or via an executable object akeady associated with the 
operation. 

8. A method as recited in claim 1, wherein the request further comprises an 
indication of whether the user desires to log a result of the operation. 

9. A method as recited in claim 1, wherein the secure delegation administration 
framework is secure at least because it does not allow the user access to a mapping 
of user role-based permission to perform the operation directed to the resource. 
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10. A method as recited in claim 1, wherein the method further comprises: 
instaUing the application on the server; 

responsive to the installing, the application identifying a set of operations 
that the application can perform; 

mapping, by a member of the administrators group, the operations to a set 
of security permissions based on authorization specific role(s) of a set of users 
comprising the user; and 

wherein determining further comprises the apphcation utilizing the 
mapping to identify whether the user has permission to perform the operation. 
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11. A method as recited in claim 1 , wherein the method further comprises: 
specifying, by a member of the administrators group, role-based user access 

permissions to nodes of an Internet Information Services (IIS) metabase 
identifying the resources; 

indicating, an interface to a task, the interface comprising a set of 
parameters and a name, the task comprising the operation; and 

wherein determining further comprises: 

locating the interface in a configuration file; 

responsive to locating the interface, presenting an identity of the user 
to the resource to evaluate a scope in view of the parameters and the name and the 
resource; and 

responsive to the presenting, identifying whether the user has been 
delegated a role-based access permission to perform the operation with respect to 
the resource. 

12. A method as recited in claim 1, wherein responsive to determining that the 
user has been delegated authority to perform the operation with respect to the 
resource, the method further comprises: 

setting parameters associated with the operation; and 
executing the operation within a scope associated with the user. 
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13. A computer-readable medium for use in a distributed computing 
environment including a server and one or more client computing devices coupled 
to the server, the computer-readable medium comprising computer-executable 
instructions for: 

hosting a set of resources, a particular resource of the resources allowing a 
user to determine whether the user has delegated authority to access a resource of 
the resources; 

receiving a request from the user to perform an operation on the resource; 

and 

determining whether to authorize the operation as a function of whether the 
user has been delegated a role-based scope of authority to perform the operation, 
the role-based scope of authority not requiring the user to be a member of an 
administrators group associated with any resources of the server. 

14. A computer-readable medium as recited in claim 13, wherein the operation 
is associated with modification of content and/or functionality of the resource. 

15. A computer-readable medium as recited in claim 13, wherein the resource 
is represented as an Internet Information Service (IIS) metabase node. 



Lee & Hayes, PLLC 
(509) 324-9256 



62 



Atty Docket No. MS 1-1684US 



16. A computer-readable medium as recited in claim 13, wherein the request 
comprises a scope associated with the user, and a name of a method associated 
with the operation. 

17. A computer-readable medium as recited in claim 13, wherein the resource 
is a Web site hosted by an Internet Service Provider (ISP), and wherein the user is 
not a member of the administrators group. 

18. A computer-readable medium as recited in claim 13, wherein the request 
further comprises an indication of whether the operation is to be executed via a 
dynamically built command line or via an executable object akeady associated 
with the operation. 

19. A computer-readable medium as recited in claim 13, wherein operations 
associated with determining whether to authorize the operations are secure at least 
because the user does not have access to user role-based pennission(s) to perform 
the operation. 
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20. A computer-readable medium as recited in claim 13, wherein the 
computer-executable instructions further comprise instructions for: 

identifying a set of operations associated with the resource; 

mapping the operations to a set of security permissions, the security 
permissions being based on authorization specific role(s) of a set of users 
comprising the user; and 

wherein the instructions for determining further comprise instructions for 
utihzing the mapping to identify whether the user has permission to perform the 
operation. 
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21. A computer-readable medium as recited in claim 13, wherein the 
computer-executable instructions further comprise instructions for: 

securely specifying role-based user access permissions to nodes of an 
Internet Information Services (IIS) metabase identifying the resources; 

indicating an interface to a task, the interface comprising a set of 
parameters and a name, the task comprising the operation; and 

wherein the computer-executable instructions for determining further 
comprise instructions for: 

locating the interface in a configuration file; 

responsive to locating the interface, presenting an identity of the user 
to the resource to evaluate a scope in view of the parameters and the name and ttie 
resource; and 

responsive to the presenting, identifying whether the user has been 
delegated a role-based access permission to perform the operation with respect to 
the resource. 

22. A computer-readable medium as recited in claim 13, wherein the 
computer-executable instructions, responsive to determining that the user has been 
delegated authority to perform the operation with respect to the resource, further 
comprise instructions for: 

setting parameters associated with the operation; and 
executing the operation within a scope associated with the user. 
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23. A server for use in a distributed computing environment including the 
server and one or more client computing devices coupled to the server, the server 
comprising: 

a processor; and 

a memory coupled to the processor, the memory comprising computer- 
executable instructions for: 

hosting a set of resources; 

receiving a request from a user to perform an operation on a resource 
of the resources; and 

determining whether to authorize the operation as a function of 
whether the user has been delegated a role-based scope of authority to perform the 
operation, the role-based scope of authority not requiring the user to be a member 
of an administrators group associated with resources of the server. 

24. A server as recited in claim 23, wherein the request is generated by at least 
one resource of the resources. 

25. A server as recited in claim 23, wherein the operation is associated with 
modification of content and/or functionality of the resource. 

26. A server as recited in claim 23, wherein the resource is represented as an 
Internet Information Service (IIS) metabase node. 
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27. A server as recited in claim 23, wherein the request comprises a scope 
associated with the user, a name of a method associated with the operation. 

28. A server as recited in claim 23, wherein the resource is a Web site hosted 
by an Internet Service Provider (ISP), and wherein the user is not a member of the 
administrators group. 

29. A server as recited in claim 23, wherein the request further comprises an 
indication of whether the operation is to be executed via a dynamically built 
command line or via an executable object akeady associated with the operation. 

30. A server as recited in claim 23, wherein the secure delegation 
administration framework is secure at least because it does not allow the user 
access to a mapping of user role-based permission to perform the operation 
directed to the resource. 
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31. A server as recited in claim 23, wherein the computer-executable 
instructions further comprise instructions for: 

identifying a set of operations associated with the resource; 

mapping the operations to a set of security permissions based on 
authorization specific role(s) of a set of users comprising the user; and 

wherein the instructions for determining further comprise instructions for 
utilizing the mapping to identify whether the user has permission to perform the 
operation. 
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32. A server as recited in claim 23, wherein the computer-executable 
instructions further comprise instructions for: 

securely specifying role-based user access permissions to nodes of an 
Internet Information Services (IIS) metabase, the nodes identifying the resources; 

indicating an interface to a task, the interface comprising a set of 
parameters and a name, the task comprising the operation; and 

wherein the computer-executable instructions for determining further 
comprise instructions for: 

locating the interface in a configuration file; 
responsive to locating the mterface, presenting an identity of the user 
to the resource to evaluate a scope in view of the parameters and the name and the 
resource; and 

responsive to the presenting, identifying whether the user has been 
delegated a role-based access permission to perform the operation with respect to 
the resource. 

33. A server as recited in claim 23, wherein the computer-executable 
instructions, responsive to determining that the user has been delegated authority 
to perform the operation with respect to the resource, further comprise instructions 
for: 

setting parameters associated with the operation; and 
executing the operation within a scope associated with the user. 
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34. A server comprising: 

means for hosting a set of resources; 

means for receiving a request from the user to perform an operation on a 
resource of the resources; and 

means for determining whether to authorize the operation as a function of 
whether the user has been delegated a role-based scope of authority to perform the 
operation, the role-based scope of authority not requiring the user to be a member 
of an administrators group associated with the server, 

35. A server as recited in claim 34, wherein the operation is associated with 
modification of content and/or functionality of the resource. 

36. A server as recited in claim 34, wherein the resource is an Internet 
Information Service (IIS) metabase node. 

37. A server as recited in claim 34, wherein the resource is a Web site hosted 
by an Internet Service Provider (ISP), and wherein the user is not a member of the 
administrators group. 



Lee & Hayes, PLLC 
(509)324-9256 



70 



Atty Docket No. MS 1 -1 684US 



38. A server as recited in claim 34, wherein responsive to determining that the 
user has been delegated authority to perform the operation with respect to the 
resource, the server further comprises: 

means for setting parameters associated with the operation; and 

means for executing the operation within a scope associated with the user. 
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